Internet Engineering Task Force 
Request for Comments: 7494 
Category: Standards Track 

ISSN: 2070-1721 


(IETF) C. Shao 
H. Deng 
China Mobile 


R. Pazhyannur 
Cisco Systems 

F. Bari 

AT&T 

R. Zhang 

China Telecom 

S. Matsushima 
SoftBank Telecom 
April 2015 


IEEE 802.11 Medium Access Control (MAC) 
Provisioning of Wireless Access Points 


Profile for Control and 
(CAPWAP ) 


Abstract 


The Control and Provisioning of Wireless Access Points (CAPWAP) 
protocol binding for IEEE 802.11 defines two Medium Access Control 
(MAC) modes for IEEE 802.11 Wireless Transmission Points (WTPs): 
Split and Local MAC. In the Split MAC mode, the partitioning of 
encryption/decryption functions is not clearly defined. In the Split 
MAC mode description, IEEE 802.11 encryption is specified as located 
in either the Access Controller (AC) or the WTP, with no clear way 
for the AC to inform the WTP of where the encryption functionality 
should be located. This leads to interoperability issues, especially 
when the AC and WIP come from different vendors. To prevent 
interoperability issues, this specification defines an IEEE 802.11 
MAC Profile message element in which each profile specifies an 
unambiguous division of encryption functionality between the WTP and 
AC. 
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This is an Internet Standards Track document. 


This document is a product of the Internet Engineering Task Force 
(IETF). It represents the consensus of the IETF community. It has 
received public review and has been approved for publication by the 
Internet Engineering Steering Group (IESG). Further information on 
Internet Standards is available in Section 2 of RFC 5741. 
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http://www.rfc-editor.org/info/rfc7494. 
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1. Introduction 


The CAPWAP protocol supports two MAC modes of operation: Split and 
Local MAC, as described in [RFC5415] and [RFC5416]. However, there 
are MAC functions that have not been clearly defined. For example, 
IEEE 802.11 [IEEE.802.11] encryption is specified as located in 
either the AC or the WTP with no clear way to negotiate where it 
should be located. Because different vendors have different 
definitions of the MAC mode, many MAC-layer functions are mapped 
differently to either the WIP or the AC by different vendors. 
Therefore, depending upon the vendor, the operators in their 
deployments have to perform different configurations based on 
implementation of the two modes by their vendor. If there is no 
clear specification, then operators will experience interoperability 
issues with WTPs and ACs from different vendors. 


Figure 1 from [RFC5416] illustrates how some functions are processed 
in different places in the Local MAC and Split MAC mode. 
Specifically, note that in the Split MAC mode, the IEEE 802.11 
encryption/decryption is specified as WIP/AC, implying that it could 
be at either location. This is not an issue with Local MAC because 
encryption is always at the WTP. 
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+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++ 
| Functions | Local MAC | Split Mac | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++++ 
|Distribution Service | wrP/ac | AC | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| Integration Service | WTP | AC | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
|Beacon Generation | WTP | WTP | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
|Probe Response Generation| WTP | WIP | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
Function |Power Mgmt / | WTP | WTP | 
|Packet Buffering | | | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
|Fragmentation/ | WTP | WTP/AC | 
|Defragmentation | | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
|Assoc/Disassoc/Reassoc | WTIP/AC_ | AC | 
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
|Classifying | WTP | AC | 
IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
802.11 QoS |Scheduling | WTP | WTP/AC | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| Queuing | WTP | WTP | 
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| IEEE 802.1X/EAP | AC | AC | 
IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
802.11 RSN | RSNA Key Management | AC | AC 
(WPA2) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| IEEE 802.11 | WTP | WIP/AC | 
|Encryption/Decryption | | | 
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 


O_o 


Note: 
RSN - Robust Security Network 
RSNA - Robust Security Network Association 
WPA2 - Wi-Fi Protected Access 2 


Figure 1: Functions in Local MAC and Split MAC 
To solve this problem, this specification introduces the IEEE 802.11 


MAC Profile. The IEEE 802.11 MAC Profile unambiguously specifies 
where the various MAC functionalities should be located. 
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2. IEEE MAC Profile Descriptions 


A IEEE 802.11 MAC Profile refers to a description of how the MAC 
functionality is split between the WTP and AC shown in Figure 1. 


2.1. Split MAC with WTP Encryption 


The functional split for the Split MAC with WTP encryption is 
provided in Figure 2. This profile is similar to the Split MAC 
description in [RFC5416], except that IEEE 802.11 encryption/ 
decryption is at the WTP. Note that fragmentation is always done at 
the same entity as the encryption. Consequently, in this profile 
fragmentation/defragmentation is also done only at the WIP. Note 
that scheduling functionality is denoted as WIP/AC. As explained in 
[RFC5416], this means that the admission control component of IEEE 
802.11 resides on the AC; the real-time scheduling and queuing 
functions are on the WTP. 
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2.2. Split MAC with AC Encryption 


The functional split for the Split MAC with AC encryption is provided 
in Figure 3. This profile is similar to the Split MAC in [RFC5416], 
except that IEEE 802.11 encryption/decryption is at the AC. Since 
fragmentation is always done at the same entity as the encryption, in 
this profile, AC does fragmentation/defragmentation. 


+-4+-4-4+-4+-4-4-4-4-4-4-4+-4-4-4+-4-4+-4+-4+-4-4-4+-4-4-4-4-4 


|Encryption/Decryption | | 
E E E E EE E E E EE 


| Functions | Profile | 
1 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+++ +++ 
| |Distribution Service | ac | 
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 
| | Integration Service | ac 
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 
| |Beacon Generation | WTP 
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 
| |Probe Response Generation| WTP | 
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 
| Function |Power Mgmt / | WTP | 
+ |Packet Buffering | 
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| |Fragmentation/ | ac | 
+ | Defragmentation | 
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++ 
| |Assoc/Disassoc/Reassoc | AC | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ EE E E 
| |Classifying | AC | 
+ IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 
| 802.11 QoS |Scheduling | WTP | 
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 
| |Queuing | WTP | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+++ EE E E 
| |IEEE 802.1X/EAP | ac | 
+ IEEE +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 
| 802.11 RSN | RSNA Key Management | AC 
+  (WPA2) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++ 
| | IEEE 802.11 | Aac | 
+ 
| 


Figure 3: Functions in Split MAC with AC encryption 
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2.3. IEEE 802.11 MAC Profile Frame Exchange 


An example of message exchange using the IEEE 802.11 MAC Profile 
message element is shown in Figure 4. The WIP informs the AC of the 
various MAC Profiles it supports. This happens in either a Discovery 
Request message or the Join Request message. The AC determines the 
appropriate profile and configures the WIP with the profile while 
configuring the WLAN. 


+-+-+-+-+-+-+ +-+-+-+-+-+-+ 
| WTP | | AC 
+-+-+-+-+-+-+ +-+-+-+-+-+-+ 


|Join Request [Supported IEEE 802.11 
MAC Profiles ] 


| 
| 
Le 


Join Response 
EE | 
|IEEE 802.11 WLAN Config. Request [ | 
| IEEE 802.11 Add WLAN, | 
| E 802.11 MAC Profile 

Co ae | 
|IEEE 802.11 WLAN Config. Response | 
p ee >| 


Figure 4: Message Exchange for Negotiating MAC Profiles 
3. MAC Profile Message Element Definitions 
3.1. IEEE 802.11 Supported MAC Profiles 


The IEEE 802.11 Supported MAC Profile message element allows the WTP 
to communicate the profiles it supports. The Discovery Request 
message, Primary Discovery Request message, and Join Request message 
may include one such message element. 


W 1 2 3 
01234567012345 67012345 67 0 
+=+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 
| Num_Profiles | Profile_1 | Profile_[2..N].. 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 

Figure 5: IEEE 802.11 Supported MAC Profiles 


o Type: 1060 for IEEE 802.11 Supported MAC Profiles 
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o Num_Profiles >=1: This refers to the number of profiles present in 
this message element. There must be at least one profile. 


o Profile: Each profile is identified by a value specified in 
Section 3.2. 


3.2. IEEE 802.11 MAC Profile 


The IEEE 802.11 MAC Profile message element allows the AC to select a 
profile. This message element may be provided along with the IEEE 
802.11 ADD WLAN message element while configuring a WLAN on the WTP. 


01234567 
+=+-+-+-+-+-+-+-+ 
| Profile | 
+-+-+-+-+-+-+-+-+ 
Figure 6: IEEE 802.11 MAC Profile 
o Type: 1061 for IEEE 802.11 MAC Profile 


o Profile: The profile is identified by a value as given below 


* 0: This refers to the IEEE 802.11 Split MAC Profile with WTP 
encryption 


* 1: This refers to the IEEE 802.11 Split MAC Profile with AC 
encryption 


4. Security Considerations 


This document does not introduce any new security risks compared to 
[RFC5416]. The negotiation messages between the WTP and AC have 
origin authentication and data integrity. As a result, an attacker 
cannot interfere with the messages to force a less-secure mode 
choice. The security considerations described in [RFC5416] apply 
here as well. 
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5. IANA Considerations 


The following IANA actions have been completed. 


O 


Shao, 


This specification defines two new message elements: IEEE 802.11 
Supported MAC Profiles (described in Section 3.1) and the IEEE 
802.11 MAC Profile (described in Section 3.2). These elements 
have been registered in the existing "CAPWAP Message Element Type" 
registry, defined in [RFC5415]. 


CAPWAP Protocol Message Element Type Value 
IEEE 802.11 Supported MAC Profiles 1060 
TEEE 802.11 MAC Profile 1061 


The IEEE 802.11 Supported MAC Profiles message element and IEEE 
802.11 MAC Profile message element include a Profile field (as 
defined in Section 3.2). The Profile field in the IEEE 802.11 
Supported MAC Profiles denotes the MAC Profiles supported by the 
WIP. The Profile field in the IEEE 802.11 MAC Profile denotes the 
MAC Profile assigned to the WTP. The namespace for the field is 8 
bits (0-255). This specification defines two values: zero (0) and 
one (1) as described below. The remaining values (2-255) are 
controlled and maintained by IANA, and the registration procedure 
is Expert Review [RFC5226]. IANA has created a new subregistry 
called "IEEE 802.11 Split MAC Profile" under the existing registry 
"Control And Provisioning of Wireless Access Points (CAPWAP) 


Parameters". The registry format is given below. 
Profile Type Value Reference 
Split MAC with WTP encryption 0 RFC 7494 
Split MAC with AC encryption 1 RFC 7494 
et al. Standards Track [Page 10] 
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